Subordinate CA certificate showed within local (end-entity), not within Fortinet CA certs

Author
Antoine
2020/11/03 10:49:50 (permalink) 6.0

I have created a new certificate request for local certificates (using the GUI), using ECDSA p256 cryptographic parameters.
Then I signed it at my root CA with a template of subordinate CA (basic constraint cA:TRUE); and I imported the signed certificate back into the FG. Of course the certificate of the root CA is itself trusted by the FG.
However, the new certificate does not appear in the GUI alongside the "local CA certificates" as I would expect, but rather alongside the other "certificates." Is this correct, or is it a simple GUI bug?
 
I do know that at the CLI level all those certificates are handled jointly, so I do not believe this could have a functional impact. Also I am able to correctly select the new (sub) CA for deep inspection, and it works flawlessly.
#1
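
The issuance flow described in the post above (ECDSA P-256 key and CSR, signed by a root with cA:TRUE), reproduced offline with OpenSSL as an added example that is not part of the original thread; it then checks the properties a certificate needs before it is used as a signing CA for deep inspection. The root CA, subject names, file names, lifetimes and the keyUsage values of the template are assumptions, and the CSR is generated with OpenSSL rather than on the FortiGate.

```shell
#!/bin/sh
# Added example. File names, subject names and lifetimes are constructed.
set -eu

make_chain() {  # $1 = empty working directory
  d=$1
  # Minimal config so the result does not depend on the system openssl.cnf.
  cat > "$d/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Stand-in root CA (the poster's real root is not on the page).
  openssl ecparam -name prime256v1 -genkey -noout -out "$d/root.key"
  openssl req -x509 -new -key "$d/root.key" -sha256 -days 30 -config "$d/ext.cnf" \
    -extensions ca_ext -subj "/CN=Example Root CA" -out "$d/root.crt"
  # Key pair and CSR for the subordinate CA (ECDSA P-256, as in the post).
  openssl ecparam -name prime256v1 -genkey -noout -out "$d/sub.key"
  openssl req -new -key "$d/sub.key" -sha256 -config "$d/ext.cnf" \
    -subj "/CN=Example Inspection Sub CA" -out "$d/sub.csr"
  # The root signs the CSR with CA extensions (assumed template: cA:TRUE, keyCertSign).
  openssl x509 -req -in "$d/sub.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -sha256 -days 30 -extfile "$d/ext.cnf" -extensions ca_ext \
    -out "$d/sub.crt" 2>/dev/null
}

# Checks on the signed certificate; each returns 0 when the property holds.
is_ca()     { openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; }
can_sign()  { openssl x509 -in "$1" -noout -text | grep -q 'Certificate Sign'; }
chains_to() { openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; }
key_matches() {  # $1 = certificate, $2 = private key
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_chain "$work"
is_ca "$work/sub.crt" && echo "basicConstraints: cA:TRUE present"
can_sign "$work/sub.crt" && echo "keyUsage: keyCertSign present"
chains_to "$work/sub.crt" "$work/root.crt" && echo "chain: verifies against the root"
key_matches "$work/sub.crt" "$work/sub.key" && echo "key: private key matches certificate"
```

The same four checks can be run against a certificate exported from the device by passing its path to the functions instead of the generated `sub.crt`.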


    boneyard
    Re: Subordinate CA certificate showed within local (end-entity), not within Fortinet CA ce 2020/11/20 01:55:09 (permalink)
    Which version? In 6.2 I have the sub CA listed under: Remote CA Certificate
    #2
    Antoine
    Re: Subordinate CA certificate showed within local (end-entity), not within Fortinet CA ce 2020/11/23 11:50:41 (permalink)
    As I marked as a tag, I was seeing that on 6.0 (actually 6.0.11). However it seems to me the same thing is occurring on 6.2.5 as well: the sub-CA certificate which the device has the key for appears as "Local certificate".
     
    Did you generate the private key for the subordinate CA on your device (as opposed to importing the Sub-CA certificate, along with its key, into the FortiGate)?
     
    Also, I agree Sub-CA certificates for which the device does NOT have the private key would appear as "Remote CA"/"External CA" certificates, as one can expect (which is what confuses me: it is done for some but not others).
    #3